Text spam - recognising it and what to do next.

At Three, we take text spam and phishing attempts seriously. If you received a text message asking you to enter your card details or other personal information, it’s likely text spam and you should delete the message immediately.

What is text spam, or Smishing?

Text spam (also known as SMS Phishing or Smishing for short) is a common method used by scammers to trick you into going to a website or to call a specified number. Once you’ve responded, they’ll ask you to provide confidential details, attempt to infect your device with malware, or get you to respond to a premium rate service.

These messages can be very convincing and look like genuine messages sent by organisations you deal with.

Here are a few telltale signs on how to spot a Smishing attack.

What does a Smishing message look like?

If done well, it’ll look like a genuine message you’d receive from us, but there are some clues to look out for:

Smishing messages often make a request that plays on your emotions. For example, the message might claim that:

• You’re in danger of being locked out of your account, or that your Three account has been compromised if you don’t respond.
• You've won something or can get something for free or at a bargain price – but only if you act fast.

Simply receiving a Smishing message won’t affect the security of your device or information, you have to reply to the message for that to happen. As a result, they’ll always seek for you to take an action, such as:

• Clicking on a link (which could install malware on your device)
• Entering confidential information, e.g., passwords, date of birth etc.
• Phoning a number and asking you for confidential information or to get you to call a premium rate service. 

What should you do if you think you’ve received a suspicious message?

Our advice is:

• Don’t click on links unless you’re 100% sure they’re genuine.
• Think about whether the sender would contact you in this way – most companies won’t ask you to confirm bank details over text message.
• Remember the advice “If it looks too good to be true it probably is”.
• Don’t respond to any suspicious messages – this may lead to you being targeted again.
• Forward the message on to 7726 free of charge so your mobile phone provider can investigate and act.

If you’re still unsure, contact the sending organisation directly to confirm the authenticity of the message (don’t use any of the contact details included in the message) by going directly to their official website and use the contact details on their home page.

Need more information about staying safe online? Check out our Privacy and Security hub.